project-field-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run commands like "gh project field-list" and "gh project item-list" to fetch and parse GitHub project data (user-generated/untrusted content such as fields, options, iterations, and item text) which the agent must read to obtain IDs and make subsequent editing decisions, so third-party content can indirectly inject instructions or change actions.